IP Address: 39.99.60.12 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 39.99.60.12
Domain | -
ISP | Aliyun Computing Co.
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-02
Last seen in Akamai Guardicore Segmentation | 2022-04-23
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8080 and 8183 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 13 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 13 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 13 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig attempted to access suspicious domains: optonline.net |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to timeout |
|